# -*- coding: utf-8 -*-# Copyright 2007, 2008, 2009 by Benoît Chesneau <benoitc@e-engura.org># # Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.#importbase64importoperatorimporttimeimporturllibtry:fromhashlibimportmd5as_md5exceptImportError:importmd5_md5=md5.newfromdjango.db.models.queryimportQfromdjango.confimportsettingsfromopenid.associationimportAssociationasOIDAssociationimportopenid.store.interfaceimportopenid.storefromdjango_authopenid.modelsimportAssociation,Noncefromdjango_authopenid.utilsimportOpenIDclassDjangoOpenIDStore(openid.store.interface.OpenIDStore):def__init__(self):self.max_nonce_age=6*60*60# Six hoursdefstoreAssociation(self,server_url,association):assoc=Association(server_url=server_url,handle=association.handle,secret=base64.encodestring(association.secret),issued=association.issued,lifetime=association.lifetime,assoc_type=association.assoc_type)assoc.save()defgetAssociation(self,server_url,handle=None):assocs=[]ifhandleisnotNone:assocs=Association.objects.filter(server_url=server_url,handle=handle)else:assocs=Association.objects.filter(server_url=server_url)ifnotassocs:returnNoneassociations=[]expired=[]forassocinassocs:association=OIDAssociation(assoc.handle,base64.decodestring(assoc.secret),assoc.issued,assoc.lifetime,assoc.assoc_type)ifassociation.getExpiresIn()==0:expired.append(assoc)else:associations.append((association.issued,association))forassocinexpired:assoc.delete()ifnotassociations:returnNoneassociations.sort()returnassociations[-1][1]defremoveAssociation(self,server_url,handle):assocs=list(Association.objects.filter(server_url=server_url,handle=handle))assocs_exist=len(assocs)>0forassocinassocs:assoc.delete()returnassocs_existdefuseNonce(self,server_url,timestamp,salt):ifabs(timestamp-time.time())>openid.store.nonce.SKEW:returnFalsequery=[Q(server_url__exact=server_url),Q(timestamp__exact=timestamp),Q(salt__exact=salt),]try:ononce=Nonce.objects.get(reduce(operator.and_,query))exceptNonce.DoesNotExist:ononce=Nonce(server_url=server_url,timestamp=timestamp,salt=salt)ononce.save()returnTruereturnFalsedefcleanupNonces(self,_now=None):if_nowisNone:_now=int(time.time())expired=Nonce.objects.filter(timestamp__lt=(_now-openid.store.nonce.SKEW))count=expired.count()ifcount:expired.delete()returncountdefcleanupAssociations(self):now=int(time.time())expired=Association.objects.extra(where=['issued + lifetime < %d'%now])count=expired.count()ifcount:expired.delete()returncountdefgetAuthKey(self):# Use first AUTH_KEY_LEN characters of md5 hash of SECRET_KEYreturn_md5(settings.SECRET_KEY).hexdigest()[:self.AUTH_KEY_LEN]defisDumb(self):returnFalse